Re: [RFC Draft] ACL in CVS proposal
Brought to you by:
tyranny
Menu
▾
▴
Re: [RFC Draft] ACL in CVS proposal
|
From: <mi...@ac...> - 2001-08-17 21:38:56
|
I'm resending this, because it may not have gone through the first time. mo...@no... writes: > I'd also like to introduce some comments/thoughts :-). Please see them > below. > > 08/17/2001 09:50:02 AM cvs-nserver-devel-admin wrote: > >* 99.99% of file permissions/ownership are the same in a directory. My > > patch does not have per-file permissions, and none of the users have > > ever asked for it, and in our group we have never needed it. > I think it would be useful to separate different kinds of developers from > each other :-). Suppose you have 'core' programmers and front-end > designers. Programmers write javascripts that perform some essential > functionality on client browser, designers write scripts to animate and > slow down interface as they love to do. Those scripts resides in a same > directory (or same directory hierarchy). Probably it would be useful to > separate 'scripts for programmers' and 'scripts for designers'. Another > example is the cvs-nserver sources itself where some files are shared > between client and server. Maybe Alex wishes to disallow some inaccurate > client writers from changing anything beyond their responsibility area :-) If it's the same directory hierarchy, then the different directories that house the different scripts can have different permission. And I'm not against per-file permissions, I'm pointing out that it will be the exception, not the rule; keeping that in mind can simplify the design and improve the user interface. > > > >* The concept of an owner is useful, because someone needs to maintain > > the permissions, create branches for sandboxes, and someone needs to > > have ultimate responsibility that is easily identifiable. In a > > large group, the administrators don't have the time nor the > > knowledge to maintain permissions. > Should it be 'module administrators'? Or maybe it would be useful to add > another type of action on ACL: 'allow to modify ACL [for a particular > file/module/branch/etc]?' If you are saying that we should allow something more fine-grained (permission to make branches, permission to change ACLs), that's fine, I agree that it could be useful; better than a simple owner. > > >* You need the concept of a CVS administrator. > Should it be the only person or each module/branch etc can have its own > administrator? Someone needs access to the repository with the ability to do anything, and the verification needs to be done outside the normal ACL verification (so if the ACLs accidentally get deleted or set wrong, they can still work on the repository). I have a separate admin file in the CVSROOT directory, anyone in that file can do anything to the repository as if they were the owner. Good comments, we need to get a good discussion going. I'm not saying I am right here, I'm just voicing my experience. It would be nice to have some others with experience maintaining a repository for a group. I can ask some of the people that use my patch for input, or maybe we can allow them on the mailing list, or maybe we can come up with a strawman to run by the users to see what they think. -Corey |
